Dear All,

We are being asked by UL (via 60601-1-4 Medical software) to ensure that documents are issued and controlled in accordance with 6.2 & 6.3 of ISO9000-3.

As I do not yet have a copy of this standard, can anyone tell me the specific requirements of these clauses, and are they any different to ISO9001?

Thanks,

Dave :cool:

Dear All,

We are being asked by UL (via 60601-1-4 Medical software) to ensure that documents are issued and controlled in accordance with 6.2 & 6.3 of ISO9000-3.Hi Dave,

I don't have it either, but I'm not overly concerned by that fact. It was pulled back 11 Feb 2004, and has been superseeded by ISO/IEC 90003:2004. (Which, unfortunately I know nothing about).

ISO9000-3:1997, Guidelines for the application of ISO 9001:1994 to the development, supply, installation and maintenance of computer software:

4.6.2 Evaluation of subcontractors.
No further software-related guidance is provided.

4.6.3 Purchasing data
Purchasing documents for software development should contain data clearly describing the product ordered, including, where applicable:

a) precise identification of the product ordered, such as product name and/or product number;
b) requirements specification, or the identity of it (or the procedure to identify requirements specifications where not fixed at the time ordered);
c) standards to be applied (e.g. communications protocol, architectural specification);
d) procedures and/or work instructions;
e) development environment;
f) requirements on personnel.

The considerations under contract review may also be applied to subcontracts.

I hope this is what you're asking for?

/Claes

Hello Claes,

thanks for the reply.

I was aware that the standard had been replaced by ISO 90003:2004, but I guess it will have retained document control aspects of the ealier version. It is these particular document control aspects that I am interested in.

regards, Dave

I do not have a copy of ISO 9000-3, but I can tell you something about

----------ISO 90003:2004----------
4.2.3 Control of documentsQuote from ISO 9001:2000
NOTE For further information on document control as part of configuration management, see 7.5.3.

4.2.4 Control of records Quote from ISO 9001:2000
4.2.4.1 Evidence of conformity to requirements
Evidence of conformity to requirements may include
a) documented test results,
b) problem reports, including those related to tools problems,
c) change requests,
d) documents marked with comments,
e) audit and assessment reports, and
f) review and inspection records, such as those for design reviews, code inspections, and walk-throughs.
4.2.4.2 Evidence of effective operation
Examples of evidence of effective operation of the quality management system may include, but are not limited to
a) changes (and the reasoning) to resources (people, software and equipment),
b) estimates, e.g. project size and effort (people, cost, schedule),
c) how and why tools, methodologies and suppliers were selected and qualified,
d) software license agreements (both for software supplied to customers and software procured to aid development),
e) minutes of meetings, and
f) software release records.

7.5.3.1 Overview
For software, identification and traceability is commonly implemented through configuration management.
Configuration management is a management discipline that applies technical and administrative direction to the
design, development and support of configuration items, including software items. This discipline is also
applicable to related documentation (see also 4.2.3) and hardware. The degree of configuration management
use is dependent on the project size, complexity and risk level.
One objective of configuration management is to provide full visibility of the product’s present configuration and
status. Another objective is that everyone working on the product at any time in its life cycle uses appropriate
versions of items.

7.5.3.2 specifies the configuration management process,
7.5.3.3 specifies traceability
----------/ISO 90003:2004----------

Hope this helps...

Thanks,

It does indeed look helpful.


Dave